This bug can be exploited remotely if ChallengeResponseAuthentication
is enabled in sshd_config, allowing attackers to gain superuser access.

DETAIL

A vulnerability exists within the "challenge-response" authentication
mechanism in the OpenSSH daemon (sshd). This mechanism, part of the SSH2
protocol, verifies a user's identity by generating a challenge and
forcing the user to supply a number of responses. It is possible for a
remote attacker to send a specially crafted reply that triggers an
overflow. Remote attackers can therefore gain superuser privileges.
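
A check for the precondition named above, as an added example that is not part of the original advisory: it reads sshd_config text and reports whether ChallengeResponseAuthentication is enabled globally. The function names, the sample configurations and the value assumed when the keyword is absent are assumptions.

```python
import re

DIRECTIVE = "challengeresponseauthentication"

def challenge_response_setting(config_text):
    """Return the global value ('yes', 'no', other text) or 'unset'."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        if keyword == "match":
            break  # lines below a Match block are conditional, not global
        if keyword == DIRECTIVE:
            args = parts[1].split() if len(parts) == 2 else []
            # sshd keeps the first value it reads for a keyword
            return args[0].lower() if args else "unset"
    return "unset"

def is_exposed(config_text, default_when_unset="yes"):
    """True when the precondition named in the advisory holds.
    default_when_unset is an assumption; confirm it in your sshd_config(5)."""
    value = challenge_response_setting(config_text)
    if value == "unset":
        value = default_when_unset
    return value == "yes"

# Constructed sample configurations, not taken from any real host.
ENABLED = """\
# ChallengeResponseAuthentication no
Port 22
challengeresponseauthentication yes
"""
DISABLED_FIRST_WINS = """\
ChallengeResponseAuthentication no
ChallengeResponseAuthentication yes
"""
UNSET = "Port 22\nPermitRootLogin no\n"

if __name__ == "__main__":
    samples = [("enabled", ENABLED), ("disabled", DISABLED_FIRST_WINS), ("unset", UNSET)]
    for name, text in samples:
        print(name, challenge_response_setting(text), is_exposed(text))
```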